Clickjacking exploit on Facebook

I spotted a post today on Facebook which looked rather suspicious. The link was titled “EMBARRASSING: Father caught daughter on WEBCAM!!!” and was obviously designed to lure people in to clicking on the link. It went to the URL qok7.info which claimed to have a YouTube security verification notice (a CAPTCHA) you had to fill in before viewing the video.

In fact, it’s a clickjacking exploit that contains a hidden form which submits a public comment on your Facebook account with a link back to this site. I first came across clickjacking exploits on Chris Shiflett’s blog, it’s a cunning method of hiding a real form within an iframe behind something like an image that usually has something clickable on it. In this case it has a fake CAPTCHA form whose fake form elements are lined up to submit the real Facebook status update form hidden in the iframe.

This exploit may be related to the daughter on webcam issue reported by Sophos or this might just be an example of very successful keywords used by scammers.

I see it’s been reported on Facebook’s security pages, I don’t know if it’s something Facebook can technically fix but I would hope they can ban links from this website to avoid users inadvertently spreading this exploit.

So if you’re a Facebook user don’t go clicking on links about daughters on webcams. Or any suspicious links for that matter. Always check URLs and if it looks dodgy, get out of there!